Details
-
Task
-
Resolution: Won't Do
-
Major
-
None
-
None
-
None
-
None
Description
There is an instance of axis included in Fuse IDE 2.1:
FuseIDE/plugins/org.apache.axis_1.4.0.v201005080400/lib/axis.jar
This file checksum matches with axis 1.4 from the maven central repo, which is known to be vulnerable:
http://mvnrepository.com/artifact/org.apache.axis/axis/1.4
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5784
Can this dependency be removed?